From: domg472@gmail.com (Dominick Grift) Date: Fri, 18 Mar 2011 12:03:03 +0100 Subject: [refpolicy] [ apache patch 1/1] Run nginx in the httpd_t domain. Message-ID: <20110318110259.GA25236@localhost.localdomain> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com http://lists.fedoraproject.org/pipermail/selinux/2011-March/013583.html Signed-off-by: Dominick Grift --- :100644 100644 9e39aa5... 6d60ffb... M policy/modules/services/apache.fc policy/modules/services/apache.fc | 6 ++++++ 1 files changed, 6 insertions(+), 0 deletions(-) diff --git a/policy/modules/services/apache.fc b/policy/modules/services/apache.fc index 9e39aa5..6d60ffb 100644 --- a/policy/modules/services/apache.fc +++ b/policy/modules/services/apache.fc @@ -10,8 +10,10 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u /etc/httpd/modules gen_context(system_u:object_r:httpd_modules_t,s0) /etc/lighttpd(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) /etc/mock/koji(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) +/etc/nginx(/.*)? gen_context(system_u:object_r:httpd_config_t,s0) /etc/rc\.d/init\.d/httpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) /etc/rc\.d/init\.d/lighttpd -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) +/etc/rc\.d/init\.d/nginx -- gen_context(system_u:object_r:httpd_initrc_exec_t,s0) /etc/vhosts -- gen_context(system_u:object_r:httpd_config_t,s0) /etc/zabbix/web(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) @@ -36,6 +38,7 @@ HOME_DIR/((www)|(web)|(public_html))(/.+)? gen_context(system_u:object_r:httpd_u /usr/sbin/apache-ssl(2)? -- gen_context(system_u:object_r:httpd_exec_t,s0) /usr/sbin/httpd(\.worker)? -- gen_context(system_u:object_r:httpd_exec_t,s0) /usr/sbin/lighttpd -- gen_context(system_u:object_r:httpd_exec_t,s0) +/usr/sbin/nginx -- gen_context(system_u:object_r:httpd_exec_t,s0) /usr/sbin/rotatelogs -- gen_context(system_u:object_r:httpd_rotatelogs_exec_t,s0) /usr/sbin/suexec -- gen_context(system_u:object_r:httpd_suexec_exec_t,s0) @@ -77,6 +80,7 @@ ifdef(`distro_suse', ` /var/lib/drupal(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) /var/lib/htdig(/.*)? gen_context(system_u:object_r:httpd_sys_content_t,s0) /var/lib/httpd(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) +/var/lib/nginx(/.*)? gen_context(system_u:object_r:httpd_var_lib_t,s0) /var/lib/php/session(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) /var/lib/squirrelmail/prefs(/.*)? gen_context(system_u:object_r:httpd_squirrelmail_t,s0) @@ -86,6 +90,7 @@ ifdef(`distro_suse', ` /var/log/cgiwrap\.log.* -- gen_context(system_u:object_r:httpd_log_t,s0) /var/log/httpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/lighttpd(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) +/var/log/nginx(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) /var/log/piranha(/.*)? gen_context(system_u:object_r:httpd_log_t,s0) ifdef(`distro_debian', ` @@ -97,6 +102,7 @@ ifdef(`distro_debian', ` /var/run/httpd.* gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/lighttpd(/.*)? gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/mod_.* gen_context(system_u:object_r:httpd_var_run_t,s0) +/var/run/nginx.* gen_context(system_u:object_r:httpd_var_run_t,s0) /var/run/wsgi.* -s gen_context(system_u:object_r:httpd_var_run_t,s0) /var/spool/gosa(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0) -- 1.7.4 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 198 bytes Desc: not available Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20110318/b8c876e0/attachment.bin